35 {{ upvoteCount | shortNum }}
35 {{ upvoteCount | shortNum }}

So I went to Hostgator to install another blog...

by timpears
28 replies
So I went to Hostgator to install another blog, and clicked on the Fantastico Delux icon and got a real surprise. They are retiring Fantasycio Delux, and I was prompted to use Quick Install. So I have always used Fantistco except one time. I am a bit uncomfortable not being able to access it.

What is the happs? Is Fantastico now being discontinued, or is HG just not wanting to pay the renewal on it?
#blog #hostgator #install
  • Profile picture of the author Jarrod
    So what? They both get the job done, no?

    Things are always changing in this industry.
    {{ DiscussionBoard.errors[9453127].message }}
  • Profile picture of the author Alexa Smith
    Banned
    Don't know ... but "one-click installations" for WordPress (if we're talking about WordPress?) are the least secure way to do it. Almost all the people whose WordPress blogs at "big-name hosts" like HostGator get randomly or maliciously hacked have installed it as a one-click operation from their cPanel ...

    .
    {{ DiscussionBoard.errors[9453131].message }}
    • Profile picture of the author wiifm
      Originally Posted by Alexa Smith View Post

      Don't know ... but "one-click installations" for WordPress (if we're talking about WordPress?) are the least secure way to do it. Almost all the people whose WordPress blogs at "big-name hosts" like HostGator get randomly or maliciously hacked have installed it as a one-click operation from their cPanel ...

      .
      Most of the people who do one click installs don't have a clue that it's not finished. You still need to install and configure your own security.
      Signature
      Now ANYONE Can Create and Sell Their Own Product!
      http://2trk4.us/show/how
      {{ DiscussionBoard.errors[9453153].message }}
      • Profile picture of the author agmccall
        Who cares, really, they give you several options for one click wordpress installs so just choose another one and move on. There is not need for you to post here for something as trivial as that

        al
        Signature

        "Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison

        {{ DiscussionBoard.errors[9453162].message }}
        • Profile picture of the author Tom B
          Banned
          Originally Posted by agmccall View Post

          Who cares, really, they give you several options for one click wordpress installs so just choose another one and move on. There is not need for you to post here for something as trivial as that

          al

          Al, I'm trying to recall a post where you actually helped someone. Nope, I can't think of one and I have seen enough of your posts to see a pattern. A bad pattern of being overly critical without offering any help. Maybe you should take a break from the forum because it sure seems most topics are not up to your scrutiny.
          {{ DiscussionBoard.errors[9453197].message }}
        • Profile picture of the author timpears
          Originally Posted by agmccall View Post

          Who cares, really, they give you several options for one click wordpress installs so just choose another one and move on. There is not need for you to post here for something as trivial as that

          al
          Then why in hell did you respond? It was just a question to see if the software was being retired of it HG was the culprit? But I am repeating myself that you obviously didn't read. Sorry I offended you with my question.
          Signature

          Tim Pears

          {{ DiscussionBoard.errors[9453368].message }}
          • Profile picture of the author agmccall
            Originally Posted by timpears View Post

            Then why in hell did you respond? It was just a question to see if the software was being retired of it HG was the culprit? But I am repeating myself that you obviously didn't read. Sorry I offended you with my question.
            You did not offend me at all, but, thank you for your concern.

            I was merely pointing out that it was a question for hostgator, I truly apologize if you could not figure out who to ask your question to. I will try to be more sensitive next time

            al
            Signature

            "Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison

            {{ DiscussionBoard.errors[9453388].message }}
        • Profile picture of the author nicheblogger75
          Originally Posted by agmccall View Post

          Who cares, really, they give you several options for one click wordpress installs so just choose another one and move on. There is not need for you to post here for something as trivial as that

          al
          If you are not going to lend a hand or add something useful to thread, then why post at all? Isn't that a waste of time?
          Signature
          FREE YouTube Marketing Playbook Video Course (20 Videos)
          {{ DiscussionBoard.errors[9453406].message }}
          • Profile picture of the author mojojuju
            Originally Posted by nicheblogger75 View Post

            If you are not going to lend a hand or add something useful to thread, then why post at all? Isn't that a waste of time?
            But isn't your post a waste of time? And mine too?
            Signature

            :)

            {{ DiscussionBoard.errors[9453591].message }}
        • Profile picture of the author Trivum
          Originally Posted by agmccall View Post

          Who cares, really, they give you several options for one click wordpress installs so just choose another one and move on. There is not need for you to post here for something as trivial as that

          al
          Actually, the OP helped me. It alerts me to a possible situation that could affect my business.
          {{ DiscussionBoard.errors[9521790].message }}
  • Profile picture of the author ForumGuru
    Banned
    I've used Fantastico and Quick Install but Softaculous is the new kid on the block with 335 scripts currently...

    Softaculous

    And yeah, I do many manual installs as well.

    Cheers

    -don
    {{ DiscussionBoard.errors[9453146].message }}
  • Profile picture of the author CyberAlien
    Originally Posted by timpears View Post

    What is the happs? Is Fantastico now being discontinued, or is HG just not wanting to pay the renewal on it?
    That's not surprising, HostGator was one of the last major hosts using Fantastico. It's been years since their last major update and there's a lot better alternatives like Softaculous out there.
    {{ DiscussionBoard.errors[9453291].message }}
  • Profile picture of the author MikeFriedman
    Tim,

    Consider it a blessing. Fantastico was an awful setup. It basically installed Wordpress with known vulnerabilities. It was a hacker's delight.

    Manual installs are the best way to go, and they are super easy. You can do one in less than 10 minutes once you get the hang of it.
    {{ DiscussionBoard.errors[9453308].message }}
  • Profile picture of the author ColT83
    Quick Install is pretty much the same thing.

    Its juts as simple to use and I haven't had fantastico in my c panel for 6 months now.
    {{ DiscussionBoard.errors[9453436].message }}
  • Profile picture of the author kindsvater
    I had the same surprise this morning. No warning. A list of blog installs nicely laid out in Fantastico gone too, and not imported into QuickInstall. A bit of an annoyance.

    But not as annoying as the reason I was checking my sites. Apparently, HostGator did not appreciate me having more than 1 million files on a shared hosting account and a few had to be deleted or moved.

    The advertising of "unlimited disk space" just isn't true. You get "unlimited disk space" but using "unlimited disk space" is not acceptable.

    .
    Signature
    {{ DiscussionBoard.errors[9453818].message }}
    • Profile picture of the author mojojuju
      Originally Posted by kindsvater View Post

      I had the same surprise this morning. No warning. A list of blog installs nicely laid out in Fantastico gone too, and not imported into QuickInstall. A bit of an annoyance.

      But not as annoying as the reason I was checking my sites. Apparently, HostGator did not appreciate me having more than 1 million files on a shared hosting account and a few had to be deleted or moved.

      The advertising of "unlimited disk space" just isn't true. You get "unlimited disk space" but using "unlimited disk space" is not acceptable.

      .
      It's all about the inodes which is not the same as disk space . It's about number of files and folders, and not the space they use. BUUUT - if you didn't reach the inode limit and you had fewer but larger files taking up the same amount of space - well then they'd probably get on you about hosting large files or something like that. Anyway, the whole "unlimited" thing is a sham, isn't it?

      It's kind of neat though. They're on one hand saying, "We're going to give you unlimited disk space", but on the other hand, they will enforce technical restrictions that will effectively make sure that your usage of disk space will be within limits that they find acceptable.
      Signature

      :)

      {{ DiscussionBoard.errors[9453831].message }}
    • Profile picture of the author RobinInTexas
      Originally Posted by kindsvater View Post


      The advertising of "unlimited disk space" just isn't true. You get "unlimited disk space" but using "unlimited disk space" is not acceptable.
      I think you knew that.
      Signature

      Robin



      ...Even if you're on the right track, you'll get run over if you just set there.
      {{ DiscussionBoard.errors[9454969].message }}
  • Profile picture of the author thomas24
    But what? They will both get the job done, no?
    {{ DiscussionBoard.errors[9454016].message }}
    • Profile picture of the author Alexa Smith
      Banned
      Originally Posted by thomas24 View Post

      They will both get the job done, no?
      If by "the job", you mean "leaving yourself wide open to random hacking" because you're using just about the least secure, most common and easily hackable kind of website there is", then yes: I think you probably have it absolutely right.


      .
      {{ DiscussionBoard.errors[9454341].message }}
      • Profile picture of the author Dan Thompson
        Originally Posted by Alexa Smith View Post

        If by "the job", you mean "leaving yourself wide open to random hacking" because you're using just about the least secure, most common and easily hackable kind of website there is", then yes: I think you probably have it absolutely right.
        .
        Why does installing a script using Softaculous/Fantastico make it less secure than installing it manually?
        Signature

        I'm a director of D9 Hosting
        The only host in the world to offer a 1 Click DLGuard installation feature from within the cPanel.
        Join today, and receive a 10% discount by using the following coupon code: Warriors

        {{ DiscussionBoard.errors[9454598].message }}
        • Profile picture of the author MikeFriedman
          Originally Posted by Dan Thompson View Post

          Why does installing a script using Softaculous/Fantastico make it less secure than installing it manually?
          Alexa is 100% correct.

          8 Terrifying Reasons Hackers Love it When You Install WordPress Using 1-Click Methods | Design Panoply

          You can find tons of articles like this.

          More specifically though, this one lists out the main problems with Fantastico.

          WordPress Security Risks Using Auto Installers - Fantastico
          1. An outdated version of WordPress. It installed WP version 3.0.3. The current version today is 3.0.4. Not good to start out with outdated WordPress since 3.0.4 was a important security update. (To me this is not a huge deal because you can instantly upgrade it.)
          2. Created database name of wrdp1. This is standard. If I created another one it would be wrdp2. Malicious hackers know this is how they’re created and it gives them more ammo.
          3. Created a database username the same as my database name. Why make it so easy for evil doers? They just need to guess my password now.
          4. The database password is 12 characters long and contains upper and lowercase letter and numbers. Not too bad, but I prefer 14 characters minimum and some symbols too.
          5. The table prefix created was wp_. I was given no option to choose the table prefix. Crackers know this is standard. You should use something other than wp_.
          6. Created a file named fantversion.php, which is common for all auto installers. This is a security risk if crackers know how to break into it.

          And another good article about it... http://www.komku.org/2013/10/why-wor...is-better.html

          And a quick guide on doing a manual Wordpress installation for those who are interested...

          http://www.komku.org/2013/09/the-beg...-manually.html
          {{ DiscussionBoard.errors[9454703].message }}
          • Profile picture of the author Dan Thompson
            Originally Posted by MikeFriedman View Post

            The article is from January 2013, the issues it raises are no longer applicable to the 1 click install applications users are using is 2014.

            Originally Posted by MikeFriedman View Post

            More specifically though, this one lists out the main problems with Fantastico.

            WordPress Security Risks Using Auto Installers - Fantastico
            As somebody else mentioned in another reply, Fantastico is an ancient product that is no longer supported, which is why hosts don't offer it anymore. If you're with a Web Host that still offers it, then get in touch with them and tell them to replace it with a product that's still actively developed and supported!

            Originally Posted by MikeFriedman View Post

            [*]An outdated version of WordPress. It installed WP version 3.0.3. The current version today is 3.0.4. Not good to start out with outdated WordPress since 3.0.4 was a important security update. (To me this is not a huge deal because you can instantly upgrade it.)
            Fantastico was horrible when it came to pushing out the latest versions of scripts, but nowadays updates to scripts are usually pushed out by the 1 click installers in 24 hours.

            Originally Posted by MikeFriedman View Post

            [*]Created database name of wrdp1. This is standard. If I created another one it would be wrdp2. Malicious hackers know this is how they're created and it gives them more ammo.
            The user specifies the database name to use when using a 1 click installer, or when creating a database manually. 1 click installers don't force users to use wrdp1, wrdp2, etc as the database name and haven't for some time.

            Originally Posted by MikeFriedman View Post

            [*]Created a database username the same as my database name. Why make it so easy for evil doers? They just need to guess my password now.
            As above, the user is in full control of specifying the database username using both the 1 click and manual installation method.

            Originally Posted by MikeFriedman View Post

            [*]The database password is 12 characters long and contains upper and lowercase letter and numbers. Not too bad, but I prefer 14 characters minimum and some symbols too.
            As above, although certain 1 click installers (Softaculous) allow the host to set minimum password strength requirements.

            Originally Posted by MikeFriedman View Post

            [*]The table prefix created was wp_. I was given no option to choose the table prefix. Crackers know this is standard. You should use something other than wp_.
            The table prefix can be set to anything you like when running the 1 click installer, it doesn't have to be wp_

            Originally Posted by MikeFriedman View Post

            [*]Created a file named fantversion.php, which is common for all auto installers. This is a security risk if crackers know how to break into it.[/LIST]
            N/A - see previous point about Fantastico, it's not been developed or updated for yonks and hosts shouldn't still be using it

            Originally Posted by MikeFriedman View Post

            This article just brings up the same points as the other?

            I don't want it to seem like I'm getting at you, I'm certainly not, but IMO it's just not the case in 2014 that installing a script manually or via a 1-click installer is any more or less secure. Although I don't mind a good debate so would be happy to be proved wrong!
            Signature

            I'm a director of D9 Hosting
            The only host in the world to offer a 1 Click DLGuard installation feature from within the cPanel.
            Join today, and receive a 10% discount by using the following coupon code: Warriors

            {{ DiscussionBoard.errors[9454894].message }}
  • Profile picture of the author aussiebrah
    I just installed wordpress for the first time and used QuickInstall. It seemed to go fine, I received the email with my admin link, but when I click on the link to my wp admin dashboard, it says "Not found. The requested URL /wp-admin was not found on this server.'

    wtf man
    {{ DiscussionBoard.errors[9454744].message }}
  • Profile picture of the author MikeFriedman
    Dan,

    I'm mostly talking about Fantastico. Believe it or not, there are still a ton of hosts using Fantastico. Take it from someone that has over 125 hosting accounts. I see it all the time. Not everyone is aware of the security problems with Fantastico. In fact, I would venture to guess that most people are not. The OP was using it up until yesterday.

    Softaculous has gotten much better in the past year, if someone takes the time to use all the options they now offer. Many people do not. Previous versions of Softaculous had similar problems to Fantastico.

    Also, I would highly recommend anyone using Wordpress use iThemes Security to further secure it.
    {{ DiscussionBoard.errors[9454967].message }}
  • Profile picture of the author Kingfish85
    I can't tell you the last time I've seen a Wordpress site hacked simply due to the database prefixes or other settings Softaculous or Fantastico have. The problem here is that these are installation tools, NOT security tools. Securing your sites is not something they're responsible for.

    How does changing the database prefix, using weak or even strong passwords protect against someone who blindly installs every junk theme or plugin under the sun?

    The problems aren't with the installers, they do what they're supposed to do: install the software. While you can most of the time change all of these settings, they do absolutely nothing against a poorly coded plugin/theme or any other script.

    Another issue is you have people that start changing file permissions because they get an error - there's another door to upload shells.

    Not changing the temporary password when the hosting account is created - another door into the account.

    Not using strong passwords - another door into the account.

    Using the same passwords across multiple accounts - another door into the account.

    Emailing passwords back and forth in emails - another door into the account.

    The biggest door of all - junk plugins & themes.

    These installers are hardly root of the problem.

    //

    You shouldn't be reliant upon the installer to install updates for your sites. Some have the feature, but again, you shouldn't be reliant upon it.

    Change all the prefixes & database usernames/passwords you want - the first exploited plugin that allows an attacker to upload any scripts, all of that database stuff becomes irrelevant because they now have access through another vector which is much more common that trying to brute force their way into the database.
    Signature

    |~| VeeroTech Hosting - sales @ veerotech.net
    |~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
    |~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
    |~| Visit us @veerotech Facebook - Twitter - LinkedIn

    {{ DiscussionBoard.errors[9455089].message }}
  • Profile picture of the author extrememan
    I prefer the quick install. It's easier then ever now. My guess it's an outdated software and Hostgator are looking out for there customers and user experience. Have you asked them directly? I know they take feedback seriously.
    {{ DiscussionBoard.errors[9455106].message }}
  • Profile picture of the author LuckyIMer
    Fantastico is very old and most providers I have seen are no longer using it, most hosting provider are using either Softaculous.
    Signature
    Increase Sales With These Business Consulting Tips !
    {{ DiscussionBoard.errors[9456361].message }}
    • Profile picture of the author wordwizard
      Originally Posted by kindsvater View Post

      I had the same surprise this morning. No warning. A list of blog installs nicely laid out in Fantastico gone too, and not imported into QuickInstall. A bit of an annoyance.

      But not as annoying as the reason I was checking my sites. Apparently, HostGator did not appreciate me having more than 1 million files on a shared hosting account and a few had to be deleted or moved.

      The advertising of "unlimited disk space" just isn't true. You get "unlimited disk space" but using "unlimited disk space" is not acceptable.

      .

      Thanks kindsvater.

      That's my own question: How do I access the list of blogs I installed with Fantastico (I would like to delete a few to get under the inodes limit).

      And speaking of inodes... you managed to have 1 million files? I thought the limit was 100,000! That's when they stop backing up the account.
      Signature

      FREE Report: 5 Ways To Grow Your Affiliate Income
      Let Me Help You Sell: Sales Letters, Email Series, Pre-Sell Reports... PM me & we'll talk!
      {{ DiscussionBoard.errors[9521055].message }}

Trending Topics